<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
<head th:replace="~{common/common::head}"></head>
<body>
<div class="layuimini-container">
    <div class="layuimini-main">
        <div class="layui-row layui-col-space15">
            <div class="layui-col-md12">
                <fieldset class="layui-elem-field layui-field-title">
                    <legend style="color: rgb(30 159 255)">任意文件操作 - 文件下载</legend>
                    <blockquote class="layui-elem-quote layui-quote-nm"
                                style="font-size: 15px;background-color: #a7deefab;box-shadow: 0 .125rem .25rem rgba(0, 0, 0, .075) !important">
                        <p>
                        <pre>   任意文件下载：攻击者通过漏洞或恶意代码，未经授权地从目标系统或网络中获取文件，可能导致信息泄露或系统被入侵。</pre>
                        </p>
                    </blockquote>
                </fieldset>
            </div>

            <div class="layui-col-md12" style="margin-top: 10px">
                <div class="layui-row layui-col-space15">
                    <div class="layui-col-md6">
                        <h1><span class="iconfont icon-bug">  漏洞环境：原生漏洞环境</span></h1>
                        <div class="layui-tab layui-tab-brief">

                            <div class="layui-tab-content">
                                <div class="layui-tab-item layui-show">
                                    <blockquote class="layui-elem-quote main_btn">
                                        <p>文件路径没做限制，可使用../遍历任意文件</p>
                                        <a target="_blank" href="/file/download/downloadFile?fileName=/etc/passwd">
                                            <button class="layui-btn layui-btn-normal" style="width: 100px; margin-left: 10px;">
                                                <span class="iconfont icon-zhihang">Run</span>
                                            </button>
                                        </a>
                                    </blockquote>
                                </div>
                            </div>
                        </div>
                    </div>

                    <div class="layui-col-md6">
                        <h1><span class="iconfont icon-code">  缺陷代码</span></h1>
                        <div class="m-auto div-shadow shadow p-3 mb-5 bg-white rounded">
                            <div class="code-editor" id="downloadFile">
                            </div>
                        </div>
                    </div>
                </div>
            </div>

            <div class="layui-col-md12" style="margin-top: 10px">
                <div class="layui-row layui-col-space15">
                    <div class="layui-col-md6">
                        <h1><span class="iconfont icon-anquan">  安全代码：文件读取白名单</span></h1>
                        <div class="layui-tab layui-tab-brief">

                            <div class="layui-tab-content">
                                <div class="layui-tab-item layui-show">
                                    <blockquote class="layui-elem-quote main_btn">
                                        <p>可尝试下载test.txt、text.jsp文件</p>
                                        <a target="_blank" href="/file/download/safeDownloadFile?fileName=/etc/hosts">
                                            <button class="layui-btn layui-btn-normal" style="width: 100px; margin-left: 10px;">
                                                <span class="iconfont icon-zhihang">Run</span>
                                            </button>
                                        </a>
                                    </blockquote>
                                </div>

                                <div class="layui-col-md12">
                                    <div class="layui-card">
                                        <div class="layui-card-header"><i class="fa fa-bullhorn icon-tip"></i>tips</div>
                                        <div class="layui-card-body layui-text layadmin-text">
                                            <pre style="color: #28333e;font-size: 15px;">安全编码建议：
    1、限制目录访问：将用户的文件操作限制在特定的安全目录内，确保所有路径操作都在该目录下进行。
    2、输入验证和清理：过滤用户输入，防止目录遍历攻击。禁止使用 ..、/、\ 等特殊字符。
    3、使用白名单策略：只允许符合安全规则的文件类型和格式被下载，限制文件扩展名。
    4、权限控制：设置文件和目录的访问权限，确保只有授权用户可以进行下载操作。</pre>
                                        </div>
                                    </div>
                                </div>

                            </div>
                        </div>
                    </div>

                    <div class="layui-col-md6">
                        <h1><span class="iconfont icon-code">  缺陷代码</span></h1>
                        <div class="m-auto div-shadow shadow p-3 mb-5 bg-white rounded">
                            <div class="code-editor" id="anyFileUploadWhiteCode">
                            </div>
                        </div>
                    </div>
                </div>
            </div>
        </div>
    </div>
</div>

<div th:replace="~{common/common::script}"></div>
<script type="text/javascript">
    layui.use(['layer', 'miniTab', 'common', 'upload'], function () {
        var $ = layui.jquery,
            layer = layui.layer,
            miniTab = layui.miniTab,
            common = layui.common,
            upload = layui.upload;
        miniTab.listen();
        layer.msg("任意文件类-文件下载")

        function createUploadInstance(config) {
            return upload.render({
                elem: config.elem, // Element to bind
                url: config.url, // Upload endpoint
                method: config.method || 'post', // Default is POST
                accept: config.accept || 'file', // Accept all file types
                auto: config.auto || false, // Auto-upload is disabled
                bindAction: config.bindAction, // Button to trigger upload
                size: config.size || 50 * 1024, // Maximum file size (in KB)
                multiple: config.multiple || false, // Allow multiple files
                drag: config.drag || true, // Enable drag and drop
                done: function (res) {
                    console.log("上传文件成功：" + JSON.stringify(res));
                    $(config.resultElem).html(JSON.parse(JSON.stringify(res)).msg);
                },
                error: function (index, upload) {
                    console.log("上传文件失败🤔️");
                }
            });
        }
        function createUploadInstanceWhite(config) {
            return upload.render({
                elem: config.elem,
                url: config.url,
                method: config.method || 'post',
                exts: config.exts || 'png|jpg|gif｜jpeg|bmp|ico',
                auto: config.auto || false,
                bindAction: config.bindAction,
                size: config.size || 50 * 1024,
                multiple: config.multiple || false,
                drag: config.drag || true,
                done: function (res) {
                    console.log("上传文件成功：" + JSON.stringify(res));
                    $(config.resultElem).html(JSON.parse(JSON.stringify(res)).msg);
                },
                error: function (index, upload) {
                    console.log("上传文件失败🤔️");
                }
            });
        }

        var uploadAnyFile = createUploadInstance({
            elem: '#anyFileUpload',
            url: '/file/upload/anyFIleUpload',
            bindAction: '#anyFileUploadButton',
            resultElem: '#anyFileUpload-result'
        });

        var uploadAnyFileWhite = createUploadInstanceWhite({
            elem: '#anyFileUploadWhite',
            url: '/file/upload/anyFIleUploadWhiteList',
            bindAction: '#anyFileUploadWhiteButton',
            resultElem: '#anyFileUploadWhite-result'
        });

        var cmConfig = {
            lineNumbers: true,
            lineWrapping: false,
            indentUnit: 4,
            indentWithTabs: true,
            theme: 'juejin',
            styleActiveLine: {nonEmpty: true},
            fontSize: "18px",
            mode: "text/x-java"
        };

        var cmConfigSafe = {
            lineNumbers: true,
            lineWrapping: false,
            indentUnit: 4,
            indentWithTabs: true,
            theme: 'juejinsafe',
            styleActiveLine: {nonEmpty: true},
            fontSize: "18px",
            mode: "text/x-java"
        };

        CodeMirror(document.getElementById("downloadFile"), Object.assign({}, cmConfig, {
            value: downloadFile
        }));
        CodeMirror(document.getElementById("anyFileUploadWhiteCode"), Object.assign({}, cmConfigSafe, {
            value: anyFileUploadWhiteCode
        }));


    });
</script>

</body>
</html>
